The CyberWire Daily Podcast 1.16.25
Ep 2226 | 1.16.25

Bolstering the digital shield.

Transcript

President Biden issues a comprehensive cybersecurity executive order. Updates on Silk Typhoon’s US Treasury breach. A Chinese telecom hardware firm is under FBI investigation. A critical vulnerability has been found in the UEFI Secure Boot mechanism. California-based cannabis brand Stiiizy suffers a data breach. North Korea’s Lazarus Group lures freelance developers. The FTC highlights major security failures at web hosting giant GoDaddy. Veeam patches a critical vulnerability in their Backup for Microsoft Azure product. Hackers leak sensitive data from over 15,000 Fortinet firewalls. Our guest today is Oren Koren, Veriti's Co-founder and CPO, sharing insights about the state of healthcare cybersecurity. Shiver me timbers! Meta’s AI trains on a treasure chest of pirated books. 

Today is Thursday, January 16th, 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

President Biden issues a comprehensive cybersecurity executive order.

As expected, President Joe Biden, just days before leaving office, issued a comprehensive cybersecurity executive order to bolster the U.S. government’s digital defenses. The directive mandates stronger network monitoring, secure software development, and stricter protections for cloud and IoT systems. It emphasizes using AI for cybersecurity, with programs to safeguard critical infrastructure and analyze threats. Agencies must adopt digital identity tools, secure open-source software, and prepare for post-quantum cryptography.

Key measures include requiring software vendors to prove secure practices, empowering the Cybersecurity and Infrastructure Security Agency (CISA) to conduct threat hunting, and reducing reliance on dominant IT providers. The order also introduces consumer IoT labeling and prioritizes research on AI security.

The directive seeks to address vulnerabilities exposed by incidents like the SolarWinds hack. However, its future depends on the incoming administration, which has yet to define its cybersecurity approach or appoint key officials. The order aims to set a strong foundation for continued improvements.

Updates on Silk Typhoon’s US Treasury breach. 

Bloomberg has an update on the Chinese state-sponsored hackers, identified as Silk Typhoon, who breached the US Treasury Department, compromising 419 computers and accessing sensitive unclassified data. The attackers targeted staff involved in sanctions, international affairs, and intelligence, stealing usernames, passwords, and over 3,000 files, including policy documents, sanctions material, and “Law Enforcement Sensitive” data. They also accessed information on investigations by the Committee on Foreign Investment in the US.

The breach occurred between September and November and exploited contractor BeyondTrust Corp.’s systems. Investigators found no evidence of malware or long-term infiltration into classified systems. Treasury reported the attack to CISA and sought FBI assistance.

Congress was informed of the breach, with officials conducting a damage assessment and considering alternatives to BeyondTrust. China denied involvement, calling the allegations “groundless.” Treasury employees will brief the Senate Banking Committee, while BeyondTrust’s systems remain offline.

A Chinese telecom hardware firm is under FBI investigation. 

The U.S. Commerce Department and FBI are investigating Baicells Technologies, a telecom hardware firm founded in China by former Huawei executives, over potential national security risks, Reuters reports. Baicells, established in 2014, supplies equipment for mobile networks across all U.S. states. The probes focus on the company’s Chinese origins, vulnerabilities in its base stations, and potential risks of remote access or espionage.

The Pentagon recently listed Baicells as linked to China’s military, while CISA flagged security flaws in its products. FBI concerns date back to 2019, including warnings to customers near sensitive U.S. sites. Despite claims of independence from its Chinese parent, critics allege Baicells is managed from China, with most equipment sourced from Chinese suppliers.

Baicells denies security risks and cooperates with investigations, but scrutiny reflects ongoing fears about Chinese telecom firms compromising U.S. infrastructure. Federal agencies and customers remain wary.

A critical vulnerability has been found in the UEFI Secure Boot mechanism. 

A critical vulnerability, CVE-2024-7344, has been found in the UEFI Secure Boot mechanism, impacting most UEFI-based systems. Discovered by ESET, the flaw allows attackers to bypass Secure Boot protections and deploy malicious bootkits like Bootkitty and BlackLotus, even on systems with Secure Boot enabled. The issue lies in a UEFI application signed by Microsoft, which improperly uses a custom loader instead of secure UEFI functions. Affected software includes recovery tools from vendors like Howyar, Greenware, and Radix.

Exploitation grants attackers persistent, undetected access during boot by replacing legitimate bootloaders. Microsoft revoked vulnerable binaries in its January 2025 Patch Tuesday update. Users are advised to update systems, ensure Secure Boot databases are current, and audit UEFI configurations. Though no real-world attacks have been observed, this vulnerability highlights concerns over third-party UEFI security practices and Microsoft’s code-signing process.

California-based cannabis brand Stiiizy suffers a data breach. 

California-based cannabis brand Stiiizy is notifying 380,000 individuals of a data breach stemming from a vendor’s cyberattack. Between October 10 and November 10, 2024, attackers accessed systems at the vendor, stealing personal information tied to four Stiiizy locations in San Francisco, Alameda, and Modesto. Compromised data includes government ID details, medical cannabis cards, transaction histories, and more.

Stiiizy suspects ransomware, as the Everest ransomware group claimed responsibility, leaking some stolen records. Stiiizy is offering affected individuals 12 months of free credit monitoring.

North Korea’s Lazarus Group lures freelance developers. 

North Korean hackers, specifically the Lazarus Group, are targeting the software supply chain in a campaign dubbed Operation 99, according to SecurityScorecard. The campaign lures Web3 and cryptocurrency developers via fake LinkedIn profiles offering freelance projects. Victims are directed to clone malicious GitLab repositories, which connect to attackers’ command-and-control servers, deploying custom malware tailored to each victim’s platform (Windows, macOS, Linux).

The malware, including Payload99/73 and MCLIP, steals files, credentials, clipboard data, and keylogs, maintaining persistence through advanced encoding and modular frameworks. Lazarus’s goal is to compromise developer workflows, steal intellectual property, and access cryptocurrency wallets.

This campaign is part of North Korea’s broader strategy to fund its regime, reportedly stealing $1.34 billion in cryptocurrency in 2023 and $660 million in 2024. The operation exemplifies the growing sophistication of North Korean cyber tactics to exploit trust and disrupt critical supply chains.

The FTC highlights major security failures at web hosting giant GoDaddy. 

The FTC has identified major security failures at web hosting giant GoDaddy, attributing multiple data breaches from 2019 to 2022 to inadequate cybersecurity practices. A proposed FTC settlement requires GoDaddy to overhaul its security measures, including implementing robust information security programs, real-time event analysis, and mandatory multi-factor authentication (MFA) for employees and third parties. The breaches exposed sensitive data, including customer credentials, credit card numbers, and websites, affecting millions of small businesses and their customers.

The FTC alleges that GoDaddy failed to manage assets, update software, monitor security events, and segment shared hosting environments, leaving customers vulnerable to malware, data theft, and website compromises. The proposed order prohibits misleading security claims and mandates annual security testing. Although no financial penalty is included, non-compliance could result in significant fines.

Veeam patches a critical vulnerability in their Backup for Microsoft Azure product. 

A critical vulnerability, CVE-2025-23082, has been identified in Veeam Backup for Microsoft Azure, affecting versions up to 7.1.0.22. This high-severity flaw (CVSS 7.2) enables unauthenticated attackers to exploit a Server-Side Request Forgery (SSRF) weakness, allowing unauthorized network enumeration and potential follow-up attacks.

Veeam discovered the issue during internal testing and released a patch (version 7.1.0.59) to address it. Users are urged to update their systems immediately to mitigate risks. 

Hackers leak sensitive data from over 15,000 Fortinet firewalls. 

Hackers known as Belsen Group have leaked sensitive user data from over 15,000 Fortinet firewalls on the dark web. The data, reviewed by security researcher Kevin Beaumont, appears authentic, including usernames, passwords (some in plain text), SSH keys, digital certificates, and firewall rules. The leak stems from a 2022 zero-day vulnerability (CVE-2022-40684) affecting FortiOS, FortiProxy, and FortiSwitchManager.

Organizations are urged to check patch histories, update credentials, and assess exposure. Many impacted devices remain in use, often maintained remotely. The leaked data, dating back to October 2022, highlights ongoing risks from unpatched systems. Fortinet has also recently warned of another zero-day vulnerability (CVE-2024-55591) potentially under attack.


Our guest today is Oren Koren, Veriti's Co-founder and CPO, sharing insights about the state of healthcare cybersecurity. And, arrgh… Meta may have engaged in some piracy. We’ll be right back.

Welcome back.

Shiver me timbers! Meta’s AI trains on a treasure chest of pirated books. 

Meta’s legal troubles have deepened as new evidence exposes the company’s reliance on pirated content to train its AI models, marking a major escalation in its copyright infringement case. Unredacted court documents reveal Meta’s AI team used LibGen, a notorious repository of pirated books, to train its models. The lawsuit, filed by authors including Richard Kadrey and Sarah Silverman, claims Meta knowingly leveraged stolen works. The court slammed Meta’s excessive secrecy, accusing it of seeking to avoid bad PR rather than protecting business interests.

Internal exchanges reveal employees’ concerns over torrenting pirated data on corporate devices and even escalations to CEO Mark Zuckerberg, who allegedly approved its use. Meta also seeded pirated files, effectively becoming a distributor of stolen material.

Meta’s arguments hinge on “fair use,” but the revelations could significantly bolster the plaintiffs’ case, including potential Digital Millennium Copyright Act violations. This scandal underscores Meta’s cavalier approach to intellectual property and its shaky defense against claims of exploiting shadow libraries. 

Move fast and pirate things…

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.


We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.


This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.